H3C SeerEngine-Campus Deployment Guide-E61XX-5W100

About the SeerEngine-Campus controller

SeerEngine-Campus is an SDN controller designed for the application-driven campus network. From a unified GUI, SeerEngine-Campus offers comprehensive campus network management capabilities, including zero-touch device deployment, user authentication and access control, service chaining, micro-segmentation, campus and DC interconnect, and service orchestration.

Features

SeerEngine-Campus provides the following features:

·     Zero-touch device deployment—Provides fully automated underlay network deployment. Network devices can be automatically configured in plug and play mode, which frees the administrator from the tedious, error-prone tasks of node-by-node device configuration.

·     User authentication—Supports various user authentication methods, including 802.1X, MAC authentication, and MAC portal authentication.

·     Access control—Enforces access control on users based on their user group membership.

·     Service chaining—Supports routing traffic along a chain of connected services such as firewalls and load balancers. The chained service nodes can be third-party devices.

·     Micro-segmentation—Decouples security groups from virtual networks, enabling service orchestration and deployment across management domains.

·     Converged Campus & DC—Interconnects campus VPN networks and data center VPN networks.

Deployment modes

SeerEngine-Campus can be deployed only as a containerized component on the Unified Platform through the Unified Platform GUI. Before deploying SeerEngine-Campus on a server, you must deploy SNA Installer and the Unified Platform on the server first. See H3C Unified Platform Deployment Guide for the deployment procedure.


Preparing for installation

Component dependencies

To set up a SeerEngine-Campus network, you must deploy DHCP and EIA servers in addition to the SeerEngine-Campus component.

DHCP servers are required for assigning IP addresses to network devices during the zero-touch deployment process and to endpoint users requesting network access on the campus network.

You can deploy one DHCP server in standalone mode, or deploy two DHCP servers in cluster mode for high availability.

The SeerEngine-Campus network supports both Microsoft DHCP servers and vDHCP servers, of which vDHCP servers are more commonly used. The vDHCP server is provided by the Unified Platform as a public service component.

To use Microsoft DHCP servers, see the related document for the deployment procedure.

To use vDHCP servers, deploy the vDHCP Server component together with SeerEngine-Campus from the Unified Platform.

The EIA component manages endpoint authentication and access.

Standalone deployment restrictions

The following restrictions apply to standalone SeerEngine-Campus deployments:

·     The remote backup function must be enabled on the standalone SeerEngine-Campus controller. This function allows the controller to back up its configuration and data to a remote server periodically (typically once every couple of days). If SeerEngine-Campus redeployment is required, you can restore the most recent backup files for the system with minimal data loss.

·     Failures of server hardware components such as physical drives or RAID controllers cannot be recovered by rebooting the server. The SeerEngine-Campus service will be affected or unavailable until the faulty hardware or server is replaced. However, the time required for the replacement cannot be directly evaluated since it might involve purchasing the replacement components.

·     Standalone SeerEngine-Campus deployments do not support the following features:

¡     High availability.

¡     IP-username bindings.

¡     MAC portal authentication from endpoints shared by multiple users.

Installation packages

Before the deployment, obtain the installation packages for the SeerEngine-Campus, vDHCP Server, and EIA Server components.

Table 1 Installation packages for SeerEngine-Campus and vDHCP Server

| Scenario | Component | Component installation package |
| --- | --- | --- |
| Campus network | SeerEngine-Campus | SeerEngine_CAMPUS-version-MATRIX.zip |
| Campus network | vDHCP Server | vDHCPS-version.zip |
| Campus network | EIA Server | EIAversion.zip |

Server requirements

Hardware requirements

SeerEngine-Campus can be deployed on a single server or on a cluster of three or more servers. The controller can be deployed separately or deployed together with SeerAnalyzer on a server. Table 2 describes the hardware requirements for deploying SeerEngine-Campus separately on a server. For the hardware requirements of converged deployment of SeerEngine-Campus and SeerAnalyzer, see the deployment guide for SeerAnalyzer.

Table 2 Hardware requirements

Drive requirements:

The drives must be set up in RAID 1, 5, or 10 mode.

·     System drive: 7.2K RPM SATA/SAS HDDs, with a size of 2.4 TB or above in RAID setup.

·     etcd drive: 7.2K RPM SATA/SAS HDDs, with a size of 50 GB or above in RAID setup. (Installation path: /var/lib/etcd.)

·     Storage controller: 1 GB cache, power fail protected with a supercapacitor installed.

·     Data drive: SSDs or SATA/SAS HDDs. As a best practice, configure a minimum of three data drives in RAID 5.

NIC requirements:

·     Non-bonding mode: 2 × 10 Gbps or above Ethernet ports.

·     Bonding mode (recommended mode: mode 2 or mode 4): 2 × 10 Gbps Linux bonding interfaces. As a best practice, enable the controller and the Unified Platform to share one NIC, and enable the SeerAnalyzer southbound network to use a separate NIC. If the southbound networks can only use one NIC, the southbound networks for the controller and SeerAnalyzer can share one NIC.

 

IMPORTANT:

In the following tables, the ratio of switches to ACs/APs is 1:3.

 

Table 3 Standalone deployment of the controller

| Node name | Node quantity | Minimum single-node requirements | Maximum resources that can be managed |
| --- | --- | --- | --- |
| Controller | 1 | CPU: 4 cores, 2.0 GHz; Memory: 16 GB; System drive: 200 GB (after RAID setup) | 300 switches |

 

Table 4 Cluster deployment of controllers

| Node name | Node quantity | Minimum single-node requirements | Maximum resources that can be managed |
| --- | --- | --- | --- |
| Controller | 3 | CPU: 4 cores, 2.0 GHz; Memory: 16 GB; System drive: 200 GB (after RAID setup) | 300 switches |
| Controller | 3 | CPU: 6 cores, 2.0 GHz; Memory: 24 GB; System drive: 300 GB (after RAID setup) | 2000 switches |
| Controller | 3 | CPU: 8 cores, 2.0 GHz; Memory: 32 GB; System drive: 500 GB (after RAID setup) | 5000 switches |

 

 

IMPORTANT:

·     The server must support the CentOS 7.6 or later operating system.

·     NIC bonding allows you to bind multiple NICs to form a logical NIC for NIC redundancy, bandwidth expansion, and load balancing. NIC bonding can be configured on servers and switches. For more information about configuring NIC bonding, see H3C Unified Platform Deployment Guide.

 

Application installation packages

SeerEngine-Campus is deployed on the Unified Platform. Table 5 shows the application installation packages required when you install the Unified Platform. The following installation packages must be deployed when you deploy the Unified Platform:

·     common_PLAT_GlusterFS_2.0_<version>.zip (required)

·     general_PLAT_portal_2.0_<version>.zip (required)

·     general_PLAT_kernel_2.0_<version>.zip (required)

The following installation packages are deployed automatically when you deploy SeerEngine-Campus components:

·     general_PLAT_kernel-base_2.0

·     general_PLAT_network_2.0

·     general_PLAT_Dashboard_2.0

·     general_PLAT_widget_2.0

Table 5 Installation packages

| Installation package | Description | Remarks |
| --- | --- | --- |
| common_PLAT_GlusterFS_2.0_<version>.zip | Provides local shared storage functionalities. | Required. |
| general_PLAT_portal_2.0_<version>.zip | Provides portal, unified authentication, user management, service gateway, and help center functionalities. | Required. |
| general_PLAT_kernel_2.0_<version>.zip | Provides access control, resource identification, license, configuration center, resource group, and log functionalities. | Required. |
| general_PLAT_kernel-base_2.0_<version>.zip | Provides alarm, access parameter template, monitoring template, report, email, and SMS forwarding functionalities. | Optional. |
| general_PLAT_network_2.0_<version>.zip | Provides basic network management functions, including network resources, network performance, network topology, and iCC. | Required. |
| general_PLAT_Dashboard_2.0_<version>.zip | Provides the dashboard framework. | Required. |
| general_PLAT_widget_2.0_<version>.zip | Provides dashboard widget management. | Required. |
| general_PLAT_websocket_2.0_<version>.zip | Provides the southbound Websocket function. | Optional. Required for traditional device automation. |
| general_PLAT_cmdb_2.0_<version>.zip | Provides database configuration and management. | Optional. |
| general_PLAT_kernel_region_2.0_<version>.zip | Provides hierarchical management functions. | Optional. |

 

Deployment procedure at a glance

Table 6 Deployment procedure

| Task | Procedure | Remarks |
| --- | --- | --- |
| Install the H3Linux operating system | Install the H3Linux operating system on each server. | See H3C Unified Platform Deployment Guide. |
| Deploy the Unified Platform | Deploy Installer; configure Installer cluster parameters; deploy the Installer cluster; deploy the Unified Platform. | See H3C Unified Platform Deployment Guide. |
| Deploy the SeerEngine-Campus, vDHCP Server, and EIA components | Deploy the required components. | See "Deploying the controller." |

 

Client requirements

You can access the Unified Platform from a Web browser without installing any client. For more information, see H3C Unified Platform Deployment Guide.

Pre-installation checklist

Table 7 Pre-installation checklist

| Item | Requirements |
| --- | --- |
| Server: hardware | The CPUs, memory, drives, and NICs meet the requirements. The server supports the Unified Platform. |
| Server: software | The system time settings are configured correctly. As a best practice, configure NTP for time synchronization and make sure the devices synchronize to the same clock source. |
| Client | You can access the Unified Platform from a Web browser without installing any client. As a best practice, use Google Chrome 55 or a later version. |

 


Deploying the controller

IMPORTANT:

·     The controller runs on the Unified Platform. You can deploy, upgrade, and uninstall it only on the Unified Platform.

·     Before deploying the controller, make sure the required applications have been deployed.

 

Preparing for deployment

Enabling the NICs

SeerEngine-Campus and vDHCP Server run in containerized mode on a physical server and require NICs for processing their service traffic. You can use the NIC assigned to the Unified Platform for this purpose, or enable new NICs. The latter is recommended to ensure network stability. To use bonding NICs, double the number of enabled NICs.

To enable a NIC:

1.     Remotely log in to the server on which the Unified Platform is deployed and edit the NIC configuration file. This example edits the configuration file for NIC ens192.

a.     Open the NIC configuration file.

[root@sujin1 /]# vi /etc/sysconfig/network-scripts/ifcfg-ens192

b.     Set the BOOTPROTO field to none to remove NIC startup protocols, and set the ONBOOT field to yes to enable automatic NIC connection at server startup.

 

 

2.     Restart the NIC.

[root@sujin1 /]# ifdown ens192

[root@sujin1 /]# ifup ens192

3.     Use the ifconfig command to display network information and verify that the NIC is in up state.

Planning the networks

The campus scenario uses the Layer 3 network scheme, where the controller NIC IP and the two IP addresses of the device are on different subnets. In this network scheme, devices in multiple fabrics can come online automatically. For the controller to provide the automated underlay network deployment function, you must configure a DHCP relay agent on the Layer 3 gateway device between the server that hosts the controller and the spine and leaf devices.

The solution deploys the following networks:

·     Calico network—Network for containers to communicate with each other. The Calico network uses the IP address pool (177.177.0.0 by default) specified at Unified Platform cluster deployment. You do not need to configure addresses for the Calico network at component deployment. The network can share the same NIC as the MACVLAN network.

·     MACVLAN network—Management network for the SeerEngine-Campus and the vDHCP components. You must plan network address pools for the MACVLAN network before deploying a component.

As a best practice, use Table 8 to calculate the number of required IP addresses in the subnet assigned to the MACVLAN network. For example, if the SeerEngine-Campus cluster has three members and the vDHCP cluster has two members, the required number of IP addresses is: (1*3+1) + (1*2+1)=7.

Table 8 IP address planning for the MACVLAN network

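| Component name | Max cluster members | Default cluster members | Required addresses for SeerEngine-Campus or vDHCP |
| --- | --- | --- | --- |
| SeerEngine-Campus | 32 | 3 | 1*Member quantity + 1. The additional address is reserved as the cluster IP address. |
| vDHCP | 2 | 2 | 1*Member quantity + 1. The additional address is reserved as the cluster IP address. |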

 

Figure 1 Network planning
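
The Table 8 arithmetic, together with the subnet, gateway, address pool and cluster IP constraints that the deployment steps later in this guide rely on, can be checked before anything is entered in the GUI. The following Python is an added example, not H3C code; the function names, the IPv4-only handling, the gateway-inside-pool check and the 192.0.2.0/24 sample plans are assumptions made for illustration.

```python
import ipaddress

MIN_POOL_SIZE = 32  # best-practice minimum per address pool stated in this guide


def required_addresses(members_by_component):
    """Table 8 rule: 1 * member quantity + 1 (cluster IP) per component."""
    return sum(members + 1 for members in members_by_component.values())


def check_macvlan_plan(cidr, gateway, pool_start, pool_end,
                       members_by_component, cluster_ips=()):
    """Return the problems found in a MACVLAN subnet plan (empty list = OK)."""
    net = ipaddress.ip_network(cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    if gw not in net:
        problems.append(f"gateway {gw} is outside subnet {net}")
    if start > end:
        return problems + [f"pool start {start} is above pool end {end}"]
    for edge in (start, end):
        if edge not in net:
            problems.append(f"pool boundary {edge} is outside subnet {net}")

    # Added sanity check (an assumption, not from the guide): an address the
    # gateway already uses cannot also be handed to a container.
    usable = int(end) - int(start) + 1
    if start <= gw <= end:
        problems.append(f"gateway {gw} lies inside the address pool")
        usable -= 1

    needed = required_addresses(members_by_component)
    if usable < needed:
        problems.append(f"pool has {usable} addresses, plan needs {needed}")
    elif usable < MIN_POOL_SIZE:
        problems.append(f"pool has {usable} addresses, below the "
                        f"recommended minimum of {MIN_POOL_SIZE}")

    # A manually reset cluster IP must stay inside the component's subnet.
    for ip in map(ipaddress.ip_address, cluster_ips):
        if ip not in net:
            problems.append(f"cluster IP {ip} is outside subnet {net}")
    return problems


# Constructed sample plans (documentation address ranges, not from the guide).
MEMBERS = {"SeerEngine-Campus": 3, "vDHCP": 2}
GOOD = check_macvlan_plan("192.0.2.0/24", "192.0.2.1",
                          "192.0.2.10", "192.0.2.41", MEMBERS)
BAD = check_macvlan_plan("192.0.2.0/24", "192.0.2.1",
                         "192.0.2.1", "192.0.2.6", MEMBERS,
                         cluster_ips=["192.0.2.3", "198.51.100.7"])

if __name__ == "__main__":
    print("required:", required_addresses(MEMBERS), "| good plan:", GOOD)
    print("bad plan:", *BAD, sep="\n  ")
```

Because address pool settings cannot be edited once applied, running a check like this on the planned values before the network configuration step avoids a redeployment.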

 

Deploying SeerEngine-Campus and vDHCP

1.     Log in to the Unified Platform. See H3C Unified Platform Deployment Guide for the operation procedure.

2.     On the top navigation bar, click System.

3.     Click Settings.

4.     Click Install.

5.     Click Upload to upload the SeerEngine-Campus, vDHCP Server, and EIA packages to the system.

Figure 2 Upload Package page

 

6.     Select components to deploy, and then click Next.

¡     Campus Network—Specify the SeerEngine-Campus version, and select Converged EIA.

¡     The End User Intelligent Access—Specify the EIA version.

¡     Public Service—Specify the vDHCP Server version. The Unified Platform will deploy the vDHCP server in a two-node cluster automatically.

Figure 3 Selecting components (1)

 

Figure 4 Selecting components (2)

 

7.     Retain default parameter settings and click Next.

8.     Specify network information, create subnets, configure host information, and then click Next.

The controller uses the management network to manage southbound devices. Configure the following parameters as needed:

¡     VLAN—If multiple networks use the same uplink interface on a host, configure VLANs to isolate the networks. By default, no VLAN is specified.

¡     Subnet CIDR, Gateway, Address Pool—The platform uses the subnet and address pool to assign IP addresses to components and uses the gateway as the default gateway for containers.

¡     Uplink Interface—Hosts use their uplink interface for providing services to SeerEngine-Campus and vDHCP Server containers.

Figure 5 Network Configuration

 

 

NOTE:

Address pool settings cannot be edited once applied. As a best practice, configure a minimum of 32 IP addresses in each address pool.

 

9.     Skip node binding and click Next.

Figure 6 Binding to nodes

 

10.     Bind networks and subnets to SeerEngine-Campus and vDHCP Server, and then click Next.

Figure 7 Binding networks and subnets to components

 

11.     Confirm parameters and then click Deploy.

¡     Cluster IP—The platform sets the cluster IP address for each component based on address pool configuration. To edit the cluster IP address for a component, click Reset. Make sure the manually specified address is within the specified subnet for the component.

¡     VRRP Group Number—Specify a VRRP group number for vDHCP, in the range of 1 to 255. Specify different VRRP group numbers for vDHCP servers in the same network.

¡     EIA parameters—The EIA component uses the northbound service virtual IP as the system address. You do not need to confirm EIA parameters.

Figure 8 Confirming campus network parameters

 

Figure 9 Confirming vDHCP server parameters

 

Figure 10 Confirming EIA parameters

 

 

NOTE:

In the campus network scenario, the system will automatically identify and install component dependencies when installing SeerEngine-Campus, vDHCP Server, and EIA.

 

12.     To view detailed information about a component, click the icon to the left of the component, and then click the icon in the Actions column for that component.

Figure 11 Expanding component information

 

Figure 12 Component details

 

13.     After deployment, click Home on the top navigation bar to access the SeerEngine-Campus controller home page.

Figure 13 SeerEngine-Campus controller home page

 

Registering and installing licenses

After you install the controller, you can use its complete features and functions for a 180-day trial period. After the trial period expires, you must license the controller. For information about licensing the vDHCP server, see the user guide for the vDHCP server.

Installing the activation file on the license server

For the activation file request and installation procedure, see H3C Software Products Remote Licensing Guide.

Obtaining licenses

1.     Log in to the SeerEngine-Campus controller.

2.     From the navigation pane, select System > License.

3.     Configure the parameters for the license server as described in Table 9.

Table 9 License server parameters

| Item | Description |
| --- | --- |
| IP address | Specify the IP address configured on the license server used for internal communication in the cluster. |
| Port number | Specify the service port number of the license server. The default value is 5555. |
| Username | Specify the client username configured on the license server. |
| Password | Specify the client password configured on the license server. |

 

4.     Click Connect to connect the controller to the license server.

The controller will automatically obtain licensing information after connecting to the license server.


Upgrading the controller

CAUTION:

The upgrade might cause service interruption. Be cautious when you perform this operation.

 

The controller can be upgraded on the Unified Platform with the configuration retained.

To upgrade the controller:

1.     Log in to the Unified Platform. Click System > Deployment.

Figure 14 Deployment page

 

2.     Click the left chevron button for the controller to expand controller information, and then click the upgrade icon.

3.     Upload and select the installation package.

Figure 15 Upgrading the controller

 

4.     If the upgrade fails, click Roll Back to roll back to the previous version.


Uninstalling the controller

1.     Log in to the Unified Platform. Click System > Deployment.

2.     Click the icon to the left of the controller name and then click Uninstall.

Figure 16 Uninstalling the controller

 
